Afilias Anti-Abuse Policy

The following policy (“Afilias Domain Anti-Abuse Policy”) is announced pursuant to section 3.5.2 of the Registry-Registrar Agreement (“RRA”) in effect between Afilias and each of its Registrars, and is effective upon thirty days’ notice by Afilias to Registrars. Abusive use(s) of domain names within Afilias owned and operated Top Level Domains (TLDs) should not be tolerated.

The nature of such abuses creates security and stability issues for the registry, registrars and registrants, as well as for users of the Internet in general. Afilias defines abusive use as the wrong or excessive use of power, position or ability, and includes, without limitation, the following:

Illegal or fraudulent actions;

Spam: The use of electronic messaging systems to send unsolicited bulk messages. The term applies to e-mail spam and similar abuses such as instant messaging spam, mobile messaging spam, and the spamming of Websites and Internet forums. An example, for purposes of illustration, would be the use of email in denial-of-service attacks;

Phishing: The use of counterfeit Web pages that are designed to trick recipients into divulging sensitive data such as usernames, passwords, or financial data;

Pharming: The redirecting of unknowing users to fraudulent sites or services, typically through DNS hijacking or poisoning;

Willful distribution of malware: The dissemination of software designed to infiltrate or damage a computer system without the owner’s informed consent. Examples include, without limitation, computer viruses, worms, keyloggers, and trojan horses;

Fast flux hosting: Use of fast-flux techniques to disguise the location of Websites or other Internet services, or to avoid detection and mitigation efforts, or to host illegal activities. Fast-flux techniques use DNS to frequently change the location on the Internet to which the domain name of an Internet host or name server resolves. Fast flux hosting may be used only with prior permission of Afilias;

Botnet command and control: Services run on a domain name that are used to control a collection of compromised computers or “zombies,” or to direct denial-of-service attacks (DDoS attacks);

Distribution of child pornography; and

Illegal Access to Other Computers or Networks: Illegally accessing computers, accounts, or networks belonging to another party, or attempting to penetrate security measures of another individual’s system (often known as “hacking”). Also, any activity that might be used as a precursor to an attempted system penetration (e.g., port scan, stealth scan, or other information gathering activity).

Pursuant to Section 3.6.5 of the RRA, Afilias reserves the right to deny, cancel or transfer any registration or transaction, or place any domain name(s) on registry lock, hold or similar status, that it deems necessary, in its discretion; (1) to protect the integrity and stability of the registry; (2) to comply with any applicable laws, government rules or requirements, requests of law enforcement, or any dispute resolution process; (3) to avoid any liability, civil or criminal, on the part of Afilias, as well as its affiliates, subsidiaries, officers, directors, and employees; (4) per the terms of the registration agreement or (5) to correct mistakes made by Afilias or any Registrar in connection with a domain name registration. Afilias also reserves the right to place upon registry lock, hold or similar status a domain name during resolution of a dispute. Abusive uses, as defined above, undertaken with respect to domain names within the TLD shall give rise to the right of Afilias to take such actions under Section 3.6.5 of the RRA in its sole discretion.

Registrars shall include in their Registration Agreements a provision prohibiting Registered Name Holders from distributing malware, abusively operating botnets, phishing, piracy, trademark or copyright infringement, fraudulent or deceptive practices, counterfeiting or otherwise engaging in activity contrary to applicable law, and providing (consistent with applicable law and any related procedures) consequences for such activities including suspension of the domain name.